Strange behavior while installing SDLTradosStudio2017_5746

Hello,

I found that some random keys are added to the registry while installing SDL Trados Studio 2017.
I'm not allowed to install this kind of program due to security policy.
Does anyone have any information about this issue?

Thanks,

Hiro

---
The steps to reproduce this issue:
1. Prepare the install program (*1) and a Windows system (*2).
2. Shut down the Windows system after applying all Windows Updates.
3. Take a snapshot (Snapshot1).
   * I recommend removing/disabling the network adapter before taking a snapshot.
4. Start the Windows system.
5. Start Registry Editor and verify the keys under HKEY_CURRENT_USER are normal.
6. Run the install program.
7. Take a snapshot (Snapshot2) just before selecting the "I accept..." checkbox.
8. Select the "I accept the terms of the license agreement" checkbox and click "Next>".
9. After completing the installation, verify the keys under HKEY_CURRENT_USER.

If this issue is reproduced, you'll see some random keys (e.g. aishwarya).

If this issue is not reproduced, go back to Snapshot2 and repeat steps 8-9.
Note: This issue is not 100% reproducible (*3).

If you get an error after step 8, go back to Snapshot1 and repeat steps 4-6 & 8-9.

(*1) SDLTradosStudio2017_5746.exe, from SDL website.
(signed by SDL PLC; md5 = 25c7699c9e8b8871af5f5639591bdccb)

(*2) I used three newly created virtual machines for this test:
SYS1 - Windows 7 Enterprise SP1 x86;
SYS2 - Windows 7 Professional SP1 x64;
SYS3 - Windows 10 Pro x64.

(*3) 22%(11/50) on SYS1; 24%(6/25) on SYS2; 30%(6/20) on SYS3 in my test.
---
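
An added example, not part of the original post: one way to automate the checks in steps 5 and 9 is to run `reg export HKCU <file>` at each point and compare the key names directly under HKEY_CURRENT_USER. The function names and the sample export text are constructed for illustration; only the key names aishwarya and alra02z come from this thread.

```python
import re

# Key header line in a .reg export, e.g. [HKEY_CURRENT_USER\Software\Foo]
KEY_LINE = re.compile(r"^\[(HKEY_CURRENT_USER(?:\\.*)?)\]$")

def load_export(path):
    """Read a file written by `reg export` (version 5.00 files are UTF-16 with a BOM)."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()

def top_level_keys(reg_text):
    """Map lowercased name -> name as exported, for keys directly under HKCU."""
    keys = {}
    for line in reg_text.splitlines():
        m = KEY_LINE.match(line.strip())
        if not m:
            continue  # value lines, blank lines, the version header
        parts = m.group(1).split("\\")
        if len(parts) >= 2 and parts[1]:
            keys.setdefault(parts[1].lower(), parts[1])
    return keys

def new_top_level_keys(before_text, after_text):
    """Names present directly under HKCU after the install but not before.
    Registry key names are case-insensitive, so compare lowercased."""
    before = top_level_keys(before_text)
    after = top_level_keys(after_text)
    return sorted(name for low, name in after.items() if low not in before)

# Constructed sample exports (not captured from a real system).
BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER]

[HKEY_CURRENT_USER\Console]

[HKEY_CURRENT_USER\Environment]
"TEMP"="C:\\Temp"

[HKEY_CURRENT_USER\Software]

[HKEY_CURRENT_USER\Software\Microsoft]
"""
AFTER = BEFORE + r"""
[HKEY_CURRENT_USER\aishwarya]

[HKEY_CURRENT_USER\SOFTWARE\Example]

[HKEY_CURRENT_USER\alra02z]
"""

if __name__ == "__main__":
    for name in new_top_level_keys(BEFORE, AFTER):
        print("new key under HKEY_CURRENT_USER:", name)
```

With real exports, pass `load_export("before.reg")` and `load_export("after.reg")` to `new_top_level_keys`; any name it returns that the installer is not expected to create is worth investigating before the machine is reconnected to a network.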

  • Hi,
    I don't see these on my machine (I have not yet run an install test to verify on a clean VM, but I will).

    I am not aware of the installation process writing to the user hive as it is not appropriate for a per-machine installation. User based settings are usually only added when Studio starts with the startup wizard.

    A quick search seems to indicate that the HKEY_CURRENT_USER\aishwarya\Value key may be related to Virus:Win32/Sality.AT:
    totalhash.cymru.com/.../

    Did you download Studio from the OOS site, or a reseller?

    You should re-download Studio directly from SDL and check that the package you have been testing is not compromised. You can see if the package is digitally signed by checking the Digital Signature tab for errors.

    You can also calculate the hashes of the download and compare them to the following values:
    sdltradosstudio2017_5746.exe
    MD5 - 25c7699c9e8b8871af5f5639591bdccb
    SHA-1 - 31f9b1813c272ae0586075ca6caec6d9915a7ff1

    A hash calculation tool in case you do not have one - www.microsoft.com/.../details.aspx

    I would also suggest running some AV scans, but it seems like that virus is quite complex and disables some AV software.

    David Watson
    Trados Development Team

  • Hello David,

    Thank you very much for the reply.

    > I don't see these on my machine...
    As I noted, this issue is not 100% reproducible (it was around 25% in my test).
    If you are at 34th below, you need 13 more tries to reproduce this issue.

    log on SYS1 (11/50)
    -+------+----+--+-+-+-----+--+--+-------------++--
    (+ reproduced, - not reproduced)
    02: alra02z and other random keys are added
    09: aishwarya and other random keys are added
    14: aishwarya and other random keys are added
    17: aishwarya and other random keys are added
    19: alra02z and other random keys are added
    21: alra02z and other random keys are added
    27: aishwarya and other random keys are added
    30: aishwarya and other random keys are added
    33: aishwarya and other random keys are added
    47: alra02z and other random keys are added
    48: jpra00b and other random keys are added

    > You should re-download Studio directly from SDL...
    I re-downloaded the .exe directly from SDL before this test.
    - The md5 value (already noted) matches
    - The sha1 value (31f9b1813c272ae0586075ca6caec6d9915a7ff1) matches as well
    - The digital signature is OK

    I'm very glad; now I know I'm using the right .exe file.

    Thanks,

    Hiro